NHS Severely Affected by Large Scale Computer Virus Attack

Wednesday 17th May 2017

NHS computer systems faced a wide scale cyberattack on Friday which lead to patients being diverted away from accident and emergency units, routine surgery and GP appointments being cancelled and a wave of disruption, as part of a wider cyber-attack aiming to extort affected users and organisations.

As many hospitals are recovering and fewer and fewer units are diverting patients, the attack has put the spotlight on the importance of computers and computer security in health care, and questions are being asked on how the virus managed to infect and severely affect the working of NHS services.

The virus, a ransomware piece of malware (malicious software) by the name of Wanna Decryptor (sometimes shortened to WCry, WannaCry or WannaCrypt) infected NHS’s network on Friday, as well as major organisations in 74 other countries, including FedEx and Spanish telephone company Telefonica.

WannaCry is a computer worm, which is a standalone piece of malware that unlike many computer viruses does not spread through an infected program but instead replicates itself and spreads across to other computers, generally by scanning the internet and computer networks to find vulnerable host computers, exploiting vulnerabilities in operating systems and networks, and spreading. This in itself will slow down computers, but WannaCry has a program within it that does a lot more damage than simply existing.

WannaCry is what is known as a ransomware programme, which unlike many malware program, doesn’t quietly affect the computer or force a crash or cause other negative effects, it loads a program that restricts access to the computer and its files, and requests something in order for their safe return, usually money although in the past ransomware such as SpySheriff would imitate the look of anti-virus software and demand their software be purchased in order to get rid of the malicious viruses on a computer system.

WannaCry specifically encrypts (or claims to encrypt, ransomware is built upon social engineering and extortion) important files, claiming that only their decryption “service” can be used to fix the problem, and demanding 0.3 Bitcoin (an encrypted currency that is very difficult to trace, which roughly equals $300 or £230) for the safe release of files, stressing that the infected computer’s owners “have not so enough time” to decide to pay, with the payment doubling in 3 days and the ability to decrypt being lost in 7 days. As such, ransomware is very popular among hackers and criminals as it is a quick way to extort money

Ransomware was a bigger issue with older operating systems such as Windows XP, which allowed users and programs a lot of access to the operating system, and required relatively constant security patches to keep the system from being infected. This is increasingly true since the extended support period of Windows XP ended on April 8 2014, although the UK Home Office are denying that Windows XP use on NHS computers is related.

There was a “kill switch” on this particular strain of malware, discovered by accident by a security researcher, suggesting the malware was not particularly sophisticated. It is not known if this was a targeted attack on the NHS or if the aging system which had recently ended an extended support package with Microsoft simply meant it was much easier to infect.

In any case, the disruption and expense caused to 61 NHS trusts and organisations across England and Scotland is a wakeup call for healthcare professionals who use computer networks in their work to be mindful of security, to keep computers updated and secure, and to ensure all staff are trained in the basics of computer security best practice in order to avoid disruption for staff and patients alike, and sensitive information either becoming inaccessible or worse.